• On-Site Training Proposed Schedule 


    Introduction to Digital Forensics 


    DAY ONE 
    DAY TWO 
    7:30 a.m. - 8:00 a.m.  Registration - Breakfast Pastries  Breakfast Pastries 
    8:00 a.m. - 9:20 a.m. 

    Computer Forensics and Investigations   

    This section will introduce the participant to the field of computer forensics and how it can be used in criminal, civil and administrative matters.


    This section covers: 

    • Understanding computer forensics
    • A brief history of computer forensics
    • Computer forensic resources
    • Understanding  law enforcement agency investigations
    • Understanding corporate investigations
    Computer Forensics Analysis 

    This section reviews how data is stored on a typical Windows XP computer system. The basis file structure will be viewed in an actual forensic setting as the instructor demonstrates the forensic analysis the file structure of the previously created image.


    This section covers: 

    • Exploring the basic Microsoft XP File system
    • User accounts
    • Deleted files
    • Hidden files 
    9:20 a.m. - 9:35 a.m.  Break  Break 
    9:35 a.m. - 10:55 a.m. 

    Preparing a Computer Forensic Investigation 

    This section shows the investigator how to recognize, plan for and manage a computer investigation.


    This section covers: 

    • Assessing the case
    • Planning the investigation
    • Gathering and securing the evidence
    • Required tools and skills
    • Completing the case

    Recovering Files 

    This section discusses and analyzes a computer system showing the investigator how to find deleted files, pictures, compressed files, and relevant documents. The investigator will be shown how to save and export the information in a report format.


    This section covers: 

    • Recognizing file types
    • Locating and recovering images and files
    • Locating data in unallocated areas
    • Building a computer user’s timeline


    10:55 a.m. - 11:10 a.m.  Break  Break 
    11:10 a.m. - 12:30 p.m. 

    Processing Crime and incident Scenes 

    This section guides the investigator through search and seizure scenarios. It includes corporate and law enforcement situations as well as overt vs. covert searches.


    This section covers: 


    Corporate Investigations 

    • Chain of custody
    • Corporate evidence collection and storage
    • Preparing for a search
    • Identifying computer users and their systems
    • Seizing vs. imaging (copying) onsite
    • Using additional technical expertise
    • Determining the types of tools needed


    Law enforcement 

    • Evidence collection and storage
    • Preparing for a search
    • Search warrant terminology
    • Identifying computer users and their systems
    • Seizing vs. imaging onsite
    • Using additional technical expertise
    • Determining the types of tools needed
    • Critical legal issue involving authors and the media
    Computer Forensic Analysis 

    This section shows the investigators how to locate and analyze the Internet history found on a computer.


    This section covers: 

    • Internet Explorer
    • Locating and extracting the data.
    • The value of the data
    • Date and time issues
    • Commons software tools used to analyze the data.
    • Exporting the results into a report format


    Email Investigations 

    This section shows the investigator how to recognize and identify different e-mail systems found on today’s computers. The class will be shown how to extract and analyze that information.


    This section covers: 

    • AOL e-mail
    • Outlook Express e-mail
    • Mozilla Thunderbird e-mail
    • Outlook
    • E-mail headers


    12:30 p.m. - 1:30 p.m.  Group Lunch  Lunch on Your Own 
    1:30 p.m. - 2:50 p.m. 

    Digital Evidence Controls 

    This section discusses how to handle digital evidence legally and properly. This topic is applicable to criminal, civil, and administrative cases. The objective for the investigator is legally and appropriately collecting all relevant digital data without harming or altering data that could cause the investigator to lose the case.


    This section covers: 

    • Identifying digital evidence
    • Time and date stamps
    • Understanding evidence rules
    • Understanding the fragile nature of the evidence
    • Securing digital evidence at the scene
    • Inventorying and storing evidence
    • Evidence retention

    Forensic Tools and Software—Forensic labs 

    This section discusses the different tools available to today’s investigators. These range from free software to listservs and organizations willing to assist the computer forensic examiner with advice and help. The second half of the section will touch on equipment and lab settings.


    This section covers: 

    • Types of computer forensic tools
    • Software
    • Computer forensic organizations
    • Listservs
    • Computer equipment
    • Certification
    •  Lab security
    2:50 p.m. - 3:05 p.m.  Break  Break 
    3:05 p.m. - 4:25 p.m. 

    Data Acquisition: Making Forensically Sound Images of Digital Media 

    This section covers a live demonstration showing the students how to make a forensic image of a common computer hard drive.


    This section covers: 

    • Making an image using common hardware/software based imaging techniques
    • Identifying cables and drive types
    • Making an actual image
    • Various imaging tools available

    Reports and Courtroom Testimony 

    This section discusses the importance of writing a computer forensic report that is detailed yet understandable to judges, juries, attorneys, and the layperson. The topic will also discuss preparing for court testimony. 


    This section covers: 

    • Limiting the report to specifics
    • Types of reports
    • Writing reports clearly
    • Helping your attorney
    • Documenting and preparing evidence
    • Current legal issues



Transparent Image